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Abstract. We present a framework for obtaining effective characterizations of simple 
fragments of future temporal logic (LTL) with the natural numbers as time domain. 
The framework is based on a form of strongly unambiguous automata, also known 
as prophetic automata or complete unambiguous Biichi automata and referred to as 
Carton-Michel automata in this paper. These automata enjoy strong structural prop- 
erties, in particular, they separate the "finitary fraction" of a regular language of infi- 
nite words from its "infinitary fraction" in a natural fashion. Within our framework, 
we provide characterizations of several natural fragments of temporal logic, where, in 
some cases, no effective characterization had been known previously, and give lower 
and upper bounds for their computational complexity. 



1. Introduction 

Ever since propositional linear-time temporal logic (LTL) was introduced into computer 
science by Amir Pnueli in [23] it has been a major object of research. The particular 
line of research we are following here is motivated by the question how each individual 
temporal operator contributes to the expressive power of LTL. More precisely, our ob- 
jective is to devise decision procedures that determine whether a given LTL property 
can be expressed using a given subset of the set of all temporal operators, for instance, 
the subset that includes "next" and "eventually" , but not "until" . 

As every LTL formula interpreted in the natural numbers (the common time domain) 
defines a regular language of infinite words (w-language) , the aforementioned question 
can be viewed as part of a larger program: classifying regular w-languages, that is, finding 
effective characterizations of subclasses of the class of all regular w-languages. Over the 
years, many results have been established and specific tools have been developed in this 
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program, the most fundamental result being the one that says that a regular w-language 
is star-free or, equivalently, expressible in first-order logic or in LTL if, and only if, its 
syntactic semigroup is aperiodic (T5 | [27 ], [21] . 

The previous result is a perfect analogue of the same result for regular languages 
of finite words, that is, of the classical theorems by Schiitzenberger [25], McNaughton 
and Papert [18] , and Kamp |15| . In general, the situation with infinite words is more 
complicated than with finite words; a good example for this is given in [8], where, for 
instance, tools from topology and algebra are used to settle characterization problems 
for w-languages. 

The first characterization of a fragment of LTL over finite linear orderings was given 
in [5], another one followed in [10], both following a simple and straightforward approach: 
to determine whether a formula is equivalent to a formula in a certain fragment, one 
computes the minimum reverse DFA for the corresponding regular language and veri- 
fies certain structural properties of this automaton, more precisely, one checks whether 
certain "forbidden patterns" do not occur. The first characterization for infinite words 
(concerning stutter-invariant temporal properties) [20] used sequential relations on oj- 
words; the second (concerning the nesting depth in the until/since operator) [30J used 
heavy algebraic machinery and did not shed any light on the computational complexity 
of the decision procedures involved. In fact, the upper bound that can be derived from 
this work is non-elementary. 

In this paper, we describe a general, conceptually simple paradigm for characterizing 
fragments of LTL when interpreted in the natural numbers, combining ideas from [S] [TO] 
for finite words with the work by Carton and Michel on unambiguous Biichi automata 
[31 H]. The approach works roughly as follows. To determine whether a given formula 
is equivalent to a formula in a given fragment, convert the formula into what is called a 
"prophetic automaton" in [22j, check that the automaton, when viewed as an automaton 
on finite words, satisfies certain properties, and check that languages of finite words 
derived from the accepting loops ("loop languages") satisfy certain other properties. In 
other words, we reduce the original problem for w-languages to problems for languages 
of finite words. We show that the approach works for all reasonable fragments of future 
LTL and yields optimal upper bounds for the complexity of the corresponding decision 
procedures for all but one fragment. 

Clearly, the prophetic automaton we start out with is the output of a straightforward 
translation; one cannot (!) expect that it provides much information about the nature 
of the language recognized. When we check properties of the automaton when viewed as 
an automaton on finite words, we first take a quotient, which makes the automaton in 
some sense canonical. In addition, when we derive the loop languages (representing the 
infinitary part of the given language) we do this with respect to that quotient, making 
the loop languages canonical in some sense. This approach ensures that overall we do 
not analyze more or less arbitrary objects derived from the given formula, but objects 
(languages) representing very well the nature of the property defined. 

Fragments of temporal logic have been studied from different perspectives. One 
question that has been raised several times is what exactly is the right fragment to 
specify a given system. A very general answer to this has been given by Leslie Lamport 
in his seminal paper, [14] . on the Temporal Logic of Actions. Another question that 
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has been worked on is how the complexity of model checking depends on the particular 
fragment considered; results on this can already be found in the groundbreaking paper 
[26], by A. Prasad Sistla and Edmund Clarke. The perspective taken in this paper is 
different, as pointed out above. 

A note on terminology. As just explained, we work with a variant (for details, see below) 
of the automaton model introduced by Carton and Michel in [31 S] and named CUBA 
model (Complete Unambiguous Biichi Automata). In [22J, Pin uses "prophetic au- 
tomata" to refer to CUBA's. In the conference version of this paper, [23], we referred to 
these automata as "Carton-Michel automata" (CMA) and we stick to this terminology 
in this paper. At the conference, STACS 2012, Thomas Colcombet gave an invited talk 
on determinism, non-determinism, and unambiguity with a very broad perspective and 
used, justified by his broad perspective, the notion "strongly unambiguous automata" 
(SUA) for a somewhat weaker form of unambiguity, see also the contribution to the 
conference proceedings, [6]. 

Outline. In Section 2, we provide background on the topics relevant to this paper, in 
particular, CMA's, propositional linear-time temporal logic, and its translation into 
CMA's. In Section 3, we present our characterizations. In Section 4 to Section 8, we 
give proofs of the correctness of our characterizations, and in Section 9, we explain 
how our characterizations can be used effectively and deal with complexity issues. We 
conclude with open problems. 

2. Basic Notation and Background 

2.1. Reverse Deterministic Biichi Automata. A Biichi automaton with a reverse 
deterministic transition function is a tuple (A,Q,I,-,F) where 

— A is a finite set of symbols, 
- Q is a finite set of states, 

— / £ Q is a set of initial states, 

— ■ is a reverse transition function A x Q -> and 

— F £ Q is a set of final states. 

As usual, the transition function is extended to finite words by setting e • q = q and 
au - q - a - (u - q) for q e Q, a e A, and u e A*. For ease in notation, we write uq for u- q 
when the transition function • is clear from the context. 

A run of an automaton as above on an w-word u over A is an w-word r over Q 
satisfying the condition r(i) = u(i)r(i + 1) for every i < uj. Such a run is called initial if 
r(0) e /; it is final if there exist infinitely many i such that r(i) e F; it is accepting if it 
is initial and final. The language of w-words recognized by such an automaton, denoted 
L(A) when A stands for the automaton, is the set of w-words for which there exists an 
accepting run. 
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Figure 1: CMA which recognizes (a + b)*b u 

2.2. Carton— Michel Automata. An automaton as above is called a Carton-Michel 
automaton ( CMA ) if for every w-word over A there is exactly one final run. Such an 
automaton is trim, if every state occurs in some final run. — The original definition of 
Carton and Michel in O d] is slightly different, but for trim automata — the interesting 
ones — the definitions coincide. 

As an example, consider the automaton depicted in Figure [H which is a CMA for 
the language denoted by (a + b)*b u . Note that we depict p = aq as 

An initial state has an incoming edge — >, a final state has a double circle O. Note 
that both components in Figure [1] belong to the automaton. The right component is 
needed to satisfy the condition that every u;-word has a final run in the automaton. 

The fundamental result obtained by Carton and Michel is the following. 

Theorem 2.1 (Carton and Michel [3j Hj). Every regular oo-language is recognized by 
some CMA. More precisely, every Biichi automaton with n states can be transformed 
into an equivalent CMA with at most (12n)™ states. 

Let A be a CMA over an alphabet A and u e A + . The word u is a loop at qii q - uq 
and there exist v,w € A* satisfying vw = u and wq e F. The set of loops at q is denoted 
S(q). What Carton and Michel prove about loops is: 

Lemma 2.2 (Carton and Michel [3 2]). Let A be a CMA over some alphabet A. Then, 
for every u e A + , there is exactly one state q, denoted u) and called anchor of u, such 
that u is a loop at q. 

In other words, the S(q) 's are pairwise disjoint and \J ge Q S(q) = A + . 

2.3. Generalized Carton— Michel Automata. A generalized Carton-Michel automa- 
ton ( GCMA ) is defined as expected. It is the same as a CMA except that the set F of 
final states is replaced by a set # £ 2^ of final sets, just as with ordinary generalized 
Biichi automata. For such an automaton, a run r is final if for every Fe J there exist 
infinitely many i such that r(i) 6 F. 

The above definitions for CMA's can all be adapted to GCMA's in a natural fashion. 
For instance, a word u is a loop at some state q in a GCMA if q = uq and for every F e T 
there exist v,w £ A* such that u = vw and wq e F. 

It is a theorem by Carton and Michel that every GCMA can be converted into an 
equivalent CMA: 
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Theorem 2.3 (Carton and Michel [311]). Let A = (A,Q,I,-,$) be a GCMA such 
that \Q\ = n and |5| = m. There is an equivalent CMA A' = (A' ,Q' ,1' ,•' such that 
\Q'\<2 mn . 

The proof of Lemma 12.21 given in [3] carries over to GCMA's without any change. 
Therefore, we sometimes apply the lemma in the context of GCMA's even though it is 
not phrased in this context. 

2.4. Temporal Logic. In the following, it is understood that temporal logic refers to 
propositional linear-time future temporal logic where the natural numbers are used as 
the domain of time. For background on temporal logic, we refer to [9] and As we 
are dealing with automata and formal languages, we use an approach where the atomic 
formulas stand for symbols of an alphabet rather than propositional variables, but note 
that both approaches are interchangeable. 

Given an alphabet A, the set of temporal formulas over A, denoted TL^, is typically 
inductively defined by: 

(i) for every a € A, the symbol a is an element of TL^, 

(ii) if p e TLa, so is -*(p, 

(iii) if (p,ip e TL^, so are p v ip and <p a if;, 

(iv) if p e TLa, so is Xp ("next </?"), 

(v) if p e TL^, so are F(p and G<p ("eventually p> ri and "always ip"), 

(vi) if cp,ip 6 TL^, so are ip\Jip and ipRip ("<p until ip" and "cp releases ip"). 

Often, the operators XF ("strictly eventually") and XG ("strictly always") are part of the 
syntax of temporal logic; we view them as abbreviations of XF and XG. For instance, 
XF(a a XG-.6) is viewed as X(F(oaX(G4))). (Obviously, F and G can be viewed as 
abbreviations of (a v -ia)U and (a a ->a)R, respectively.) 

Formulas of TL^ are interpreted in w-words over A. For every such word u, we 
define what it means for a formula to hold in u, denoted u l= cp, where we omit the 
straightforward rules for Boolean connectives: 

• u 1= a if it(0) = a, 

• u l= Xp if it[l, *) l= <p, where, as usual, u[l, *) denotes the word u(l)u(2) . . . , 

• u t= Fip if there exists i > such that u[i, *) 1= (p, similarly, u 1= Gtp if u[i, *) 1= p 
for all i > 0, 

• u l= ip\Jip if there exists j > such that u[j, *) 1= tp and u[i, *) \= ip for all i < j, 
similarly, u 1= (pRip if there exists j > such that u[j, *) 1= ip and u[i, *) 1= ip for 
all i < j or if u[i, *) 1= -0 for all i > 0. 

Clearly, a formula of the form -<Fp is equivalent to G->p, and a formula of the form 
-*{p\Jip) is equivalent to ->ipR->ip, which means F and G as well as U and R are dual to 
each other; X is self-dual. 

Given a TL^ formula p, we write L(^) for the set of w-words over A where cp holds, 
that is, L(ip) = {u e A w :u 1= p}. This w-language is called the language defined by p. 

Given TL^ formulas p and ip, we say p and ip are equivalent, denoted <p = ip, if 
L(p) = L(ip) holds. 
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2.5. Negation Normal Form. In the later sections of this paper, we always assume 
that LTL formulas can be assumed to be in negation normal form, which means (ii) from 
above is not used. The reason that we can do so is that -> can easily be "pushed in", as 
is explained in the following lemma. 

Lemma 2.4. Let A be some alphabet, a e A, and <p,ip e TLa- Then: 
—id = \/ b , -iXtp = X-i(p , 

6eA\{a} 

-■Ft/? = G-iy? , -iG<p = F-itp , 

->((p\Jtp) = -i(pR-iij) , -i((pRip) = -iipU-ii/) . 

Proof hints. The proofs of the individual equivalences are straightforward. Only the 
proof of the second one is not generic in the sense that it fails for finite words, but for 
infinite words, which we only consider, no problem occurs. □ 

From a complexity point of view, it is important to note that when a formula is 
converted to negation normal form, the size of the formula does not increase much and 
neither does the number of its subformulas: the increase in the length is at most the 
number of occurrences of alphabet symbols in the formula and the increase in the number 
of subformulas is at most the number of alphabet symbols. These increases do not have 
any influence on the upper bounds we prove in later chapters. 

2.6. Fragments of Temporal Logic. An operator set is a subset of the set of all 

basic temporal operators, {X, F,XF, U}. If A is an alphabet and O an operator set, then 
TL^[0] denotes all LTL formulas that can be built from A using Boolean connectives 
and the operators from O. We say a language L £ A w is O- expressible if there is a 
formula tp e TL^[0] such that h(tp) = L. The O -fragment is the set of all LTL-formulas 
tp such that L(ip) is O-expressible. 

Observe that several operator sets determine the same fragment: {XF} and {F,XF}; 
{U} and {F,U}; {XF,U} and {F,XF,U}; {X,F}, {X,XF} and {X,F,XF}; {X,U} and every 
superset of this. 

What we are aiming at are decision procedures for each fragment except for the one 
determined by {XF, U}. 

2.7. Ehrenfeucht Fra'isse Games for Temporal Logic. The statements of our re- 
sults (Section I3.2|) do not involve Ehrenfeucht -Fra'isse games (EF games), but we use 
them extensively in our proofs. We make use of them in Section [5j 

In the following, we recall the basics of EF games for temporal logic, see [10j for 
details. 

A play of a temporal logic EF game is played by two players, Spoiler and Duplicator, 
on two oj- words over some alphabet A, say u and v. The game is played in rounds, where 
in every round, Spoiler moves first and Duplicator replies. The basic idea is that Spoiler 
is trying to reveal a difference between u and v which can be expressed in temporal logic, 
while Duplicator is trying to show — by somehow imitating the moves of Spoiler — that 
there is no such difference. 
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There are different types of rounds, corresponding to the temporal operators con- 
sidered. We explain the ones that we need: 

X-round. Spoiler chooses either u or v, say v, and chops off the first letter of v, 
that is, he replaces v by v[l, *). Duplicator does the same for u. 

F-round. Spoiler chooses either u or v, say v, and chops off an arbitrary finite 
(possibly empty) prefix, that is, he replaces v by v[i, *) for some i > 0. Duplicator 
replaces u (the other word) by u[j, *) for some j > 0. 

yf -round. Spoiler chooses either u or v, say v, and chops off an arbitrary non-empty 
finite prefix, that is, he replaces v by v[i, *) for some i > 0. Duplicator replaces u (the 
other word) by u[j, *) for some j > 0. 

Before the first round, u(0) and v(0) are compared. If they are distinct, then this is 
a win (an early win) for Spoiler. After each round, the same condition is verified, and, 
again, if the two symbols are distinct, then this is a win for Spoiler. If, by the end of a 
play, Spoiler hasn't won, then this play is a win for Duplicator. For a fixed n, Duplicator 
wins the n-round game, if Duplicator has a strategy to win it. 

When only rounds are allowed that correspond to operators in a temporal operator 
set O £ {X, F,XF}, then we speak of an 0-game. 

The fundamental property of EF games we are going to use is the following, which 
was essentially proved in [10J. 

Theorem 2.5. Let L be a language of co-words over some alphabet A and O £ {X, F,)4-} 

a temporal operator set. Then the following are equivalent: 

(A) L is O -expressible. 

(B) There is some k such that for all words u,v e A u with u e L *f> v € L, Spoiler 
has a strategy to win the O-game on u and v within k rounds. 

2.8. From Temporal Logic to Carton Michel Automata. Several translations 
from temporal logic into Btichi and generalized Biichi automata are known, see, for 
instance, |31 | 129 1 fT2] . Here, we follow the ideas of these papers and "observe" that the 
resulting automaton is a GCMA. This is supposed to be folklorej^ but — to the best of 
our knowledge — has not been made precise yet. 

Let (p e TL^ and let sub(<^) denote the set of its subformulas. We define a GCMA 
A v = (A, 2 sub ( ¥> ) , /, •jS'). Our goal is to construct the automaton in such a way that in 
the unique final run r of this automaton on a given word u the following holds for every 
i and every i\) e sub((/?): 

u[i, *) N ip iff iper(i) . (2.1) 

First, we set I = £ sub(<^):<^ e which is motivated directly by (|2.ip . 
Second, we define a ■ $ to be the smallest set e 2 sub ^^ satisfying the following 
conditions: 

(i) if a € sub(<^), then ae$, 

(ii) if -16 e sub(yj) and b 4- a, then -16 e ^, 

(iii) if tfi e ^ and x 6 ^ then fiA^$, 



Personal communication of the second author with Olivier Carton: the observation can already be 
found in the notes by Max Michel which he handed over to Olivier Carton in the last millennium. 
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(iv) if tp e ^ or \ e then tp v x e \I>, 

(v) if ^ 6 3>, then X0 6 ^, 

(vi) if tp € ^ or Ftp e then F-0 e ^, 

(vii) if tp € $ and e <£, then G?/> e 

(viii) if x g ^ or if ^ e \& and 0Ux e then tplix e *> 

(ix) if x e * an d if ?/> e ^ or tpRx e ^, then -^Rx e ^ 

This definition reflects the "local semantics" of temporal logic, for instance, Ftp is true 
now if, and only if, tp is true now or Ftp is true in the next point in time. Observe, 
however, that the fulfillment of Ftp must not be deferred forever, which means that local 
conditions are not enough to capture the entire semantics of temporal logic. This is 
taken care of by the final sets. 

Third, we list the subsets of sub(<^) which belong to 

• for every formula Ftp e sub(</9), the set {3> £ sub(ip)-tp e <E> or Ftp £ $}, 

• for every formula Gtp € sub (y), the set {<3? £ sub (<£>): Gtp e <3? or tp £ <3?}0 

• for every formula tplix, the set {<£ £ sub(93):x £ $ or tp\Jx £ 

• for every formula tpRx, the set {$ £ suh(ip): tpRx e 3> or x £ 



Example 2.6 (99 = aR6). After trimming, the automaton 
looks as follows. 

a 



for the formula ip = aRb 




{6,aR6} 



The doubly circled states form the only final state set. 

Proposition 2.7. Let A be an alphabet and ip e TLa- TTien is a GCMA and 
L(A V ) = L( ¥ .). 

Proof. We first show that is a GCMA. To this end, let it be an u;-word over A. We 
show that the word r defined by (|2.1|) . for every i and every tp € sub (</?), is a final run 
on u and the only one. 

The uj-word r is a run on u. To see this, let i > be arbitrary and observe that if 
we define $> and ^ by $ = {tp e sub(y?):iipi + 1, *) 1= -0} and * = e sub(<^):u[i, *) 1= tp}, 
then the implications (i)-(ix) not only hold, but also hold in the opposite direction. That 
is, r(i) = u(i) ■ r(i + 1) for every i, in other words, r is a run on u. 

The run r is final. Obvious from the semantics of the temporal operators. 

The run r is the only possible final run. A proof of this can be carried out along 
the lines of the proof of Theorem 5.37 in [I], where a variant of the construction from 

2 In the conference version of this paper [24] we missed this clause. 
See above. 
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|31j is presented and proved correct. The only differences between the setting in pQ 
and our setting are the atomic formulas and the set of temporal operators used. In our 
setting, atomic formulas correspond to letters of an alphabet; in PQ, atomic formulas are 
propositional variables. We work with a larger set of temporal operators. In the proof 
in pQ, it is shown that an anlogue of (|2,ip holds for any final run, hence the run r is the 
only one. □ 



3. General Approach and Individual Results 

This section has two purposes: it explains our general approach and presents the char- 
acterizations we have found. 

3.1. The General Approach. To describe our general approach, we first need to ex- 
plain what we understand by the left congruence of a GCMA. 

Let A be a GCMA. For every q e Q, let L q denote the set of words u e A* such 
that uq e /. The relation =a on Q, which we call the left congruence of A, is defined by 
q =a q' when L q = L q >. The terminology is justified: 

Remark 3.1. Let A be a GCMA. Then =a is a left congruence, that is, uq =a uq' 
whenever u e A* and q,q' e Q are such that q =a q'- 

In other words, we can define the left quotient of A with respect to =a to be the 
reverse semi DFA A/=a given by 

A/=A = (A,Q'/= A ,I/= A ,o) (3.1) 

where 

• Q' is the set of all states that occur in some final run of A (active states), and 

• a o (q/= A ) - (a - q)/=A for all a e A and q e Q'. 

As usual, the attribute "semi" refers to the fact that this automaton has no final states 
nor final sets. 

Next, we combine the left congruence of a GCMA with its loops. The loop language 
of a state q of a GCMA A is denoted LL(g) and defined by 

LL(q) = U S(q') , (3.2) 
q'=Aq 

that is, LL(g) contains all loops at q and at congruent states. 

Our general approach is to characterize a fragment of LTL as follows. To check 
whether a given formula ip is equivalent to a formula in a given fragment, we compute 
the GCMA A v and check various conditions on its left quotient and its loop languages. 
It turns out that this is sufficient; intuitively, the left quotient accounts for the "finitary 
fraction" of L(A^), whereas the loop languages account for its "infinitary fraction". 
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fragment 


left quotient 


loop languages 


X 


/ \ / \ 


no condition 




\ i \ i 
y ' y ' 

O O 




F 


o^p 

/ \ 
1 i 


1-locally testable 




1 1 






XF 


o^p 

/ \ 
I 1 


1-locally testable 




1 1 

o^b 




X, F 




locally testable 




cjxxidpj 


U 


o^-o^o 


stutter- invariant 



Table 1: Characterizations of the individual fragments of LTL 



3.2. Characterization of the Individual Fragments. The formal statement of our 
main result is as follows. 

Theorem 3.2. Let A be some alphabet, ip an LTL-formula, and O a temporal operator 
set as listed in Table [7J Then the following are equivalent: 

(A) The formula ip belongs to the O -fragment. 

(B) The left quotient of and its loop languages satisfy the respective conditions 
listed in Table [7J (Information on how to read this table follows.) 

Conditions on the left quotient of A„ are phrased in terms of "forbidden patterns" 
(also called "forbidden configurations" in |5J). To explain this, let A = (A,Q,I,o) be 
any reverse semi DFA. Its transition graph, denoted T(A), is the A-edge-labeled directed 
graph (Q, E) where E = {(ao q,a,q):a £ A,q € Q}. 

Now, the conditions depicted in the second column of Table [1] are to be read as 
follows: the displayed graph(s) do not (!) occur as subgraphs of the transition graph 
of the left quotient of A v , that is, as subgraphs of T(A lf /=A v )- Vertices filled gray 
must be distinct, the others may coincide (even with gray ones); dashed arrows stand 
for non-trivial paths. 
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For instance, the condition for the left quotient in the case of the {X}-fragment 
requires that the following is not true for T(A ip /=A lfi )- there exist distinct states q and 
q' and a word x e A + such that q = x o q and q' = x o q'. 

Note that for the {X}-fragment one forbidden pattern consisting of two strongly 
connected components is listed, whereas for the {F}-fragment two forbidden patterns 
(indicated by the horizontal line) are listed. 

The conditions listed in the third column of Table [1] are conditions borrowed from 
formal language theory, which we explain in what follows. For a word u & A* and k > 0, 
we let prf fc (ii), sffxfc(u), and occult) denote the set of prefixes, suffixes, and infixes of 
u of length < k, respectively. For words u,v € A* , we write u =k+i v if prf fc (u) = prf fc (u), 
occfc +1 (u) = ocCfc + i(-u), and sffxfc(u) = sffxfc(u). A language L is called (k + l)-locally 
testable if u e L <-> v e L, whenever u =& v, and it is called locally testable if it is ^-locally 
testable for some k, see [2J. 

A language L c A + is stutter-invariant if uav e I « uaav e L holds for all at A, 
u,wc A*. 

3.3. Proof techniques. For each fragment dealt with in Theorem 13.2^ we have a sepa- 
rate proof, some of them are similar, others are completely different. In this section, we 
give a brief overview of our proofs. 

For the operator set {X}, the proof is more or less a simple exercise, given that 
{X}-expressibility means that there is some k such that u 1= ip is determined by prf fc (tt). 

For the operator sets {F}, {XF}, and {X, F}, we use similar proofs. 

For {U}, we use a theorem from [19], which says that an LTL formula over some 
alphabet A is equivalent to a formula in TL^fU] if the language defined by the formula 
is stutter- invariant, where stutter invariance is defined using an appropriate notion of 
stutter equivalence on oj- words. 

Throughout the next sections, for ease in notation, we often write q for q/=A, where 
q is a state in A. When u e A^ , then u ■ oo denotes the first state of the unique final run 
of A on u, and inf(n) = {a e A: 3°°i(u(i) = a)}. For a € A and u e A* , \u\ a denotes the 
number of occurrences of a in u. 

4. Characterization of the {X}-Fragment 
We start with the characterization of the {X}-fragment, which is straightforward. 

Theorem 4.1. The following are equivalent for a given trim GCMA A: 

(A) L(A) is X- expressible. 

(B) The transition graph T(A/=a) does not have a subgraph of the following form (in 
the above sense): 

x x (Tl) 

/ \ / \ 
i i i i 
\ i \ i 

y i y i 

(p) (?) 
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Proof. (A) implies (B): Let L(A) be X-expressible. Let ip e TL^[X] such that L(A) = 
L(yj). Let k - length^) where length may be any reasonable function to determine 
the length of a given formula ip as a natural number. Obviously for each w e L(</j) and 
v e A u the following implication holds: If prf fc (-u) = prf fc (tu) then u e L(</?). Let pep 
and g e g. Then there exists u e A* with u-pel^u-qeL Let u, v' e A^ such that 
p = v ■ oo and q = v' ■ oo. Assume that T(A/=a) has a subgraph of type (Tl). Then 
prf k (ux k v ) = prf fc (ux fc i/) but ux k v e L(A) ux k v' e L(A), which is a contradiction. 

We show that (B) implies (A) by contraposition. Assume L(A) is not X-expressible. 
Then for every natural number k there exist u,v e A u with prf fc (n) = prf fc (f) and 
u e L(A) i; € £(A). Let > |Q 2 | and u,v as described. Let r be the run of A on 
u and s be the run of A on v. Note that r(i) s(i) for every i < k because r(0) e / 
and s(0) f! /. Since k > \Q 2 \ there exist i < j < k with r(z) = r(j) and s(i) = s(j). From 
prf fc (n) = prf fc (u) we get u(i) . . . u(j - 1) = v(i) . . . v(j - 1) and T(A/=a) has a subgraph 
of Type (Tl). □ 



5. Characterization of the {XF}-Fragment 

The second characterization we prove correct is the one of the {XF}-fragment. Since 
every GCMA can obviously be turned into an equivalent trim GCMA, all GCMA are 
assumed to be trim subsequently. 

We start with a refined version of Theorem 13.21 for the {XF}-fragment. 

Theorem 5.1. The following are equivalent for a given trim GCMA A: 

(A) L(A) is yp -expressible. 

(B) (a) The transition graph T(A/=a) does not have a subgraph of the following form 

(in the above sense): 




(b) For all u, v e A + with occi(n) = occi(u), it holds that u) =a v). 
(C) (a) The same as in (B)(a). 

(b) (i) For all u,v e A* , a e A, it holds that uav) =a uaav). 
(ii) For all u,v e A* , a,b € A, it holds that uabv) =a ubav). 

Observe that (B)(b) means that the loop languages are 1-locally testable. In other 
words, the above theorem implies that the characterization of the {)4-}-fragment given 
in Theorem 13.21 is correct. 

Before we get to the proof of Theorem 15. II we provide some more notation and prove 
some useful lemmas. 

Lemma 5.2. Assume T(A/=a) has a subgraph of type (T2). Then for every k there 
exist words u,v e A u such that Duplicator wins the k-round yf-game on u and v, but 
u e L(A) v € L(A). 
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Proof. Assume T(A/=a) has a subgraph of type (T2). That is, there are states p* q,f, s, 
words x,y e A + , and a letter a € A such that p = a o f, q - ao s, s = y of and f = x o s. 
We find states ro, r\, . . . , and so, si, • • • such that 

• f i = f and Si - s for all i < u), and 

• x ■ Si = ri and y-r; L - Sj+i for all i < a;. 

Because Q is a finite set, we find / > and i such that r, = rj + ;. Since A is trim, we 
find i> such that v ■ oo = rj and it such that ua • rj e / iff ua • Sj £ I. This means that 
ua(yx) lm v € L uax{yx) lm v e L for all m > 1. 

Clearly, if we choose Im > k, then the two resulting words cannot be distinguished 
in the A;-round XF-game. □ 

Lemma 5.3. Let A be a GCMA such that T(A/=a) does not have a subgraph of type 
(T2). Further, let r and s be the unique final runs of A on words u,v e A w and define f 
and s by f(i) = r(i)/=A and s(i) = s(i)/=A for all i <oj. 

If f(0) * s(0) and inf (f) n inf(s) + 0, then Spoiler wins the k-round yp-game on u 
and v where k is twice the number of states of A/=a- 

Proof. In the following, we use SCC as an abbreviation for strongly connected compo- 
nent. In our context, a state which is not reachable by a non-trivial path from itself is 
considered to be an SCC by itself. For every i < uj, let Ri and Si be the SCC's of 
and s(i) in A/=a, respectively. Observe that because of inf (f) ninf (s) t there is some 
I such that the i?j's and Sj's are all the same for i,j > I. 

Let <K= {Rfi > 0}, 6 = {Sfi > 0}, m = |5K|-1, and n = |6|-1. We show that Spoiler 
wins the XF-game in at most m + n rounds. The proof is by induction on m + n. 

Base case. Let m = n = 0. Then R\ = S\. Because of the absence of (T2), we have 
n(0) ± v(0), and Spoiler wins instantly. 

Induction step. Note that if r is the unique final run of A on u, then r[i, *) is the 
unique final run of A on u[i, *) for every i. 

Let m + n > 0. If n(0) * v(0), then Spoiler wins instantly. If u(0) = v(0), we proceed 
by a case distinction as follows. 

Case 1, R\ = S\. This is impossible because of the absence of (T2). 

Case 2, R\ * S±, R\ i &. Since R\ i & and inf(f) n inf(s) * we have m > 0. So 
there must be some i > 1 such that f(i) e Ri and f(i + 1) £ R\. Spoiler chooses the word 
u and replaces u by u[i,*). 

Now Duplicator has to replace v by v[j, *) for some j > 0. Since R\ £ & we have 
f{i) * s(j) and the induction hypothesis applies. 

Case 3, R\tS\, Si £ 91. Symmetric to Case 2. 

Case 4, Ri * Si, Ri e &, and Si e 9L Impossible, because Ri would be reachable 
from Si and vice versa, which would mean Ri and Si coincide. □ 

Lemma 5.4. Let A be a GCMA. Then the following are equivalent: 

(A) For all u,v e A + with occi(-u) = occi(-u), it holds that u) =a v )- 

(B) (a) For all u,v e A* , a e A, it holds that uav) =a uaav). 
(b) For all u,v e A*, a,b e A, it holds that uabv") =a ubav 1 ). 
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Proof. That (A) implies (B) is obvious. For the converse, let u,v e A + with occi(w) = 
occi(u). Let occi(u) = {do, a%, . . . , a n }. Now, we have 

«5 =A of' 00 a? 1 " 1 . . . atl»»5=A a^af 1 ' 1 . . . aJ?H e a „5 , 

where the first and the last equivalence are obtained by iterated application of (b), and 
the second equivalence is obtained by iterated application of (a). □ 

In what follows, we need more notation and terminology. A word u e A u is an 
infinite loop at q if q = u • oo and q e inf(r) where r is the unique final run of A on u. 

Proof of Theorem 15. II The implication from (A) to (B)(a) is Lemma 15.21 We prove that 
(A) implies (B)(b) by contraposition. Assume (B)(b) does not hold, that is, there are 
u,v £ A + with occi(u) = occ\(v), and u) ^a V). Then there exists x € A* such that 
x ■ u) e / +t* x ■ v) e /, that is, xu u ei</> xv u e L. It is easy to see that Duplicator wins 
the )4--game on xu u and xv u for any number of rounds, which, in turn, implies L is not 
XF-expressible. 

For the implication from (B) to (A), let n be the number of states of A/=a- We 
show that whenever u,v € A^ such that u € L *f* v e L, then Spoiler wins the 2n-round 
XF-game on u and v. 

Assume u,v e A u are such that u € L */* v e L and let r and s be the unique final 
runs of A on u and v, respectively, and f and s defined as in Lemma [5.31 We distinguish 
two cases. 

First case, inf(-u) t inf(f ). Then Spoiler wins within 2 rounds. 
Second case, inf(n) = inf(f). Then there are i, i' and j,j' such that 

• occi(u[i,j]) = occi («[«',/]), 

• u[i, *) ■ oo is an infinite loop at and 

• v[i', *) ■ oo is an infinite loop at v[i' , j'] 1 )- 

From (B)(b), we conclude =a v[i',j']). As a consequence, inf(f) n inf (s) + 0. 

Since f(0) + s(0), Lemma [5^31 applies: L is XF-expressible. 

The equivalence between (B) and (C) follows directly from Lemma 15.41 □ 

6. Characterization of the {F}-Fragment 

The characterization of the {F}-fragment is similar to the one of the {XF}-fragment, but 
a little more complicated. 

Theorem 6.1. The following are equivalent for a given trim GCMA A: 

(A) L(A) is F -expressible. 

(B) (a) The transition graph T(A/=a) does not have a subgraph of the following form 

(in the above sense): 

x [ ) y (TS) ®^®^© (T3) 

(b) For all u, v e A + with occi(u) = occ\(v) it holds that u) =a v). 

(C) (a) The same as in (B)(a). 
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(b) (i) For all u,v e A* , a e A it holds that uav') =a uaav). 
(ii) For all u,v e A* , a, 6 e A it holds that uabv) =a ubav). 

As seen above (B)(b) means that the loop languages are 1-locally testable. In other 
words, the above theorem implies that the characterization of the {F}-fragment given in 
Theorem 13.21 is correct. 

Before we turn to the proof we will state some useful lemmas: 

Lemma 6.2. Assume T(A/=a) has a subgraph of type (T2) or (T3). Then for every 
k there exist words u, v e A u such that Duplicator wins the k-round F-game on u and v, 
but u e L(A) v e L(A). 

Proof. First, assume T(A/=a) has a subgraph of type (T3). That is, there are states 
p,q,f e Q/=a and a symbol a such that aof - q, aoq = p, and p ± q. Let r e f and define 
p and q by q = a • r and p = a - q. Then pzp and q e q, because =a is a left congruence. 

There is some v e A u such that v ■ oo = r. Further, since p ± q, there is some u e ^4* 
such that u-p z I */> u-q e I. In other words, uav ei</» -uaa-u € L. Clearly, the two words 
cannot be distinguished in the F-game. 

Second, assume T(A/=a) has a subgraph of type (T2). That is, there are states 
p + q,f,s words x, y € A + and afi such that p = aof, q - ao s, s = y of and f = xof, 
We find states ro, ri, . . . and so, si, . . . such that 

(1) f,i-f and Si = s for all i, 

(2) x-Si-ri and y • r, = Sj + i for all i 

Because Q is a finite set, we find / > and i such that rj = rj + ;. In addition, we find 
v such that w • oo = n and u such that ua ■ e I ■¥* ua ■ S{ e /. This means that 
ua(yx) lrn v € L uax(yx) lm v e L for all m> 1. 

Clearly, if we choose Im > k, then the two resulting words cannot be distinguished 
in the fe-round F-game. □ 

Lemma 6.3. Let A be an GCMA such that T(A/=a) does not have a subgraph of type 
(T2) or (T3). Further, let r and s be the unique final runs of A on words u,v e A w and 
define f and s by f(i) = r(i)/=A and s(i) = s(i)/=A for all i < u. 

If r(0) t s(0) and inf(f) n inf (s) t 0, then Spoiler wins the k-round f-game on u 
and v where k is twice the number of states of A/=a- 

Proof. Let Ri and Sj be the SCC's of f(i) and s(j) in A/=a, respectively. 

There are i and j such that the SCC's of f(i') and s(j') for i' > % and j' > j are all 
the same. 

Let £K = {Rfi > 0}, & = {Sfi > 0}, m = |9t|, and n = \<S\. We show that Spoiler wins 
the game in at most m + n rounds. The proof is by induction on m + n. If u(0) * v (0) 
Spoiler wins instantly. Otherwise, we distinguish several cases. 

Case 1, R\-S\. This is impossible because of the absence of (T2). 

Case 2, R\ * S\, R\ i 6. Since R± i 6 and inf(f) n inf(s) + we have m > 1. So 
there must be some i > 1 such that f(i) e R\ and f(i + 1) i R\. Spoiler chooses the word 
u and replaces u by u[i, *). 

If u(i) t v(0) Duplicator has to replace v by v[j, *) for some j > if she does not 
want to lose right away. The induction hypothesis applies since f(i) e Ri £ 6 and so 
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If u(i) = v(0)(- ii(0)), we have to show that f(i) $ s(0) to be able to apply the 
induction hypothesis. Assume that f(i) = s(0). Since r(i) € R\ j. & and s(l) e S%, we 
have s(0) ± s(l) and s(0) = v (O)os(l), i. e. f(i) = u(0)os(l) and f(i) # s(l). The absence 
of (T3) leads to f(i) = v(0) of(i) and the absence of (T2) leads to f(0) = v(0) of{i). We 
get f (0) = f (£) = s(0) — a contradiction. 

Case 5, R\ + S\, S\ f JH. Symmetric to Case 2. 

Case ^, R\ ^ S\, Ri e (3, and Si e 1H. Impossible, because i?i would be reachable 
from Si and vice versa, which would mean R\ and S\ coincide. □ 

Proof of Theorem 16.11 That (A) implies (B)(a) follows from Lemma 16.21 bv contraposi- 
tion. 

We prove that (A) implies (B)(b) by contraposition. Assume (B)(b) does not hold. 
Then there are u,v e A + with occi(n) = occi(u) and u) v^. Then there exists x e A* 
such that x ■ u) e / x ■ v) e /, that is, xu u eI</» xv w e L. Now it is easy to see that 
Duplicator wins the F-game on xu^ and xv u for any number of rounds, which, in turn, 
implies L is not F-expressible. 

For the implication from (B) to (A), let n be the number of states of A/=a- We 
show that whenever u, v e A^ such that u € L */* v € L Spoiler wins the max{2n, 2}-round 
F-game on u and v. 

Assume u,v e A w are such that it e L and v £ L. We distinguish two cases. 

First case, inf(u) t inf(f ). Then Spoiler wins within at most 2 rounds. 

Second case, inf(n) = inf(u). Then there are and j,j' such that 

• occi(>[i,j]) =occ 1 (v[i , ,j']), 

• u[i, *) ■ oo is an infinite loop at it[i,j]), and 

• v[i', *) ■ oo is an infinite loop at v[i' , j'])- 

From (B)(b), we conclude u[i,j]) =a v[i',j']^. As a consequence, Lemma [6731 applies: 
L is F-expressible. 

The equivalence between (B) and (C) follows directly from Lemma 15.41 □ 

7. Characterization of the {X, F}-Fragment 

The correctness proof for the characterization of {X, F}-fragment follows the one for the 
{F}-fragment. We begin with a theorem corresponding to Theorems 16.11 and 15.11 

Theorem 7.1. The following are equivalent for a given trim GCMA A: 

(A) L(A) is XF -expressible. 

(B) (a) The transition graph T(A/=a) does not have a subgraph of the following form 

(in the above sense): 




x 



(b) For some natural k and all u,v e A + with u E fc+1 v we have u) =a v), i. e., for 
every q^Q, the set U q '= A q S(q') is locally testable. 
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Before we turn to the proof we will again state some useful lemmas: 

Lemma 7.2. Assume the transition graph T(A/=a) has a subgraph of type (T4). Then 
for every k there exist words u,v e A u such that Duplicator wins the k-round XF -game 
on u and v, but u e L v e L. 

Proof. Assume (T4) occurs in T(A/=a)- First observe that for every state Pi,qj e Q 
with pi - p and q~i = q and every I it holds that 

z l opi = p , z l o cjj = q ,p = xoq j ,q = y°pi . 

Then, observe that for every state r there exist k and I > such that z k -r = z k+l ■ r. 
Since k can be replaced by any larger number and I by any multiple of I, we can assume 
k and I are the same for all states. Let I be fixed with that properties. 

Let pi € Q with pi = p. Since Q is finite, there exist j,m with (xz 2l yz 2l y ■ pi = 
(xz 2l yz 2l y +m ■ pi. It follows easily, that there exist x',y',z' e A + and p',q' e Q with 
p' t q', p' = p, q' = q and 

i iii iii iii ii 

p = z -p , q = z -q , p = x -q , q =y -p , 

meaning that T(A) also has a subgraph of type (T4). 

In addition, we find u e A* such that u-p'zl*t*u-q'&l and v 6 A^ such 
that p' = v ■ oo and q' = y'v ■ oo. This means that u{{z') n x' (z') n y') n {z') n v e L ^ 
u((z') n x'(z') n y') n (z') n x'(z') n v e L for all n > 1. 

Clearly, if we choose n > k, then the two resulting words cannot be distinguished in 
the fc-round XF-game. □ 

Lemma 7.3. Let A be an GCMA such that T(A/=a) does not have a subgraph of type 
(T4). Further, let r and s be the unique final runs of A on words u, v e A° and define f 
and s by r(i) = r(i)/=A and s(i) = s(i)/=a for all i <oj. 
Assume f(0) t s(0) and inf(f) ninf(s) * 0. Let 

Q = {Qi^ QI= A ■ Qi is an SCC of Q/= A } 

and 

K = 2 £ IQ*| 2 + 2. 
Then Spoiler wins the K-round XF-game on u and v. 

Proof. Let Ri and Sj be the SCC's of f(i) and s(j) in A/=a, respectively. 

There are i and j such that the SCC's of f(i') and s(j') for i' > i and f > j are all 
the same. 

Let £H = {Ri-i > 0}, & = {Sfi > 0}, m = |9t|, and n = \&\. We show that Spoiler wins 
the game in at most K rounds. The proof is by induction on the induction parameter 

E l*f+ Elif + [f(0)*i2i] + [5(0)*S!] . 

Here, [r(0) £ Ri] yields 1 if the condition is true and otherwise, similarly for [s(0) i S{\. 
Adding [f(0) £ R{\ and [s(0) i Si] makes sure that if f(0) ^ Ri or s(0) ^ 5i, then 
a X-move decreases the induction parameter. If u(0) + v(0) Spoiler wins instantly. 
Otherwise, we distinguish several cases. 
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Case 1, R\ = S\. Let c = |i?i| 2 . Spoiler plays c X-rounds. If Spoiler does not win 
in these rounds, then f(c + 1) f. R\ or s(c + 1) j£ S\ because T(A/=a) does not have a 
subgraph of type (T4) , and, since A is co-deterministic, f(c) t s{c). The induction 
hypothesis applies. 

Case 2, R\ + Si, R\ £ &. Then m > 1 and there must be some i > 1 such that 
r(i) € Ri and r(i + 1) i R\. We distinguish two subcases. 

Subcase 2. a, f(i) = s(0). Spoiler plays a X-round, which means Spoiler wins right 
away or the game proceeds with words such that their runs start in f(l) and s(l), 
respectively. The induction hypothesis applies, as s(0) £ Si, see above. 

Subcase 2.b, f{%) * s(0). Spoiler plays an F-round, chooses the word u, and replaces 
u by u[i, *)• The induction parameter decreases by this, because > 2 or f(0) fS Ri. 
If Duplicator chooses to not change v, then the resulting runs start with r(i) and s(0), 
which are distinct. If not, then the runs start with r(i) and s(j) for some j > 1, which 
are states that do not belong to the same SCC and, hence, are distinct. 

Case 3, Ri * Si, Si §. D\, and n > 1. Symmetric to Case 2. 

Case 4, Ri * Si, Ri e &, and Si e 9\. Impossible, because Ri would be reachable 
from Si and vice versa, which would mean Ri and Si coincide. □ 

For o;-words u and v and a natural number k, we write u ~k+i v if P ri fc(^) = P v ^k( v ) 
and occ fe+ i(n) = occ fc+ i(u) = inf fc+1 (u) = inf fc+1 (u). 

Remark 7.4. (1) is an equivalence relation. 

(2) If u ~k+i v i then u and v cannot be distinguished by the /c-round FX-game. 

We can finally turn to the correctness proof of our characterization. 

Proof of Theorem 17.11 That (A) implies (B)(a) follows from Lemma 17.21 by contraposi- 
tion. 

We prove that (A) implies (B)(b) by contraposition. Assume (B)(b) does not hold. 
Let A; be a natural number. There are u, v e A + with u v and u) v ) ■ Then there 
exists x e A* such that x • u) 6 I *f* x ■ € I, that is, xu u e L </» xv w e L. Remark 17.41 
implies Duplicator wins the fc-round XF-game on u u and because of ~k+i "w" ■ But 
this implies Duplicator wins the XF-game on xu^ and xv^ , which, in turn, implies L is 
not XF-expressible. 

For the implication from (B) to (A), let K be as in Lemma 17.31 

We show that whenever u,v e A° such that u e L +t* v € L Duplicator wins the 
max{i^, 2 + A:}-round XF-game on u and v. 

Assume u,v e A u are such that uz L and v i L. We distinguish two cases. 

First case, inffc(u) + inffc(f). Then Spoiler wins within at most 2 + k rounds. 

Second case, inf^(n) = inffc(-u). Then there are and such that 

• u[ij] E fc v[i',j'], 

• u[i, *) ■ oo is an infinite loop at and 

• v[i', *) ■ oo is an infinite loop at v[i' 

From (B)(b), we conclude u[i,j] , 5 =a v[i',j']y As a consequence, Lemma [731 applies: 
L is XF-expressible. □ 
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8. Characterization of the {U}-Fragment 



As mentioned above, the proof for the characterization of the {U}-Fragment uses a 
different approach. We begin by stating the result as a theorem. 

Theorem 8.1. The following are equivalent for a given trim GCMA A: 

(A) L(A) is U -expressible. 

(B) (a) L(A) is TL A - definable. 

(b) The transition graph T(A/=a) does not have a subgraph of the following form 



(c) For all u,v e a*, a e A : uav) =a uaav), i. e., for every q^Q, the set [J S(q') 



The definition of stutter-invariance for languages of u;-words is a little different 
to the one for finite words. We use the definition from |19| . Two lo- words u and v 
over an Alphabet A are called stutter-equivalent iff there are two infinite sequences 
= io < i\ < ?2 < • • • and - jo < ji < ji < ■ ■ ■ such that for every k > u(ifc) = 
u(i k + 1) = ••• = u(ik+i - 1) = v(jk) = v(j k + 1) = ••• = v(j k +i - 1). With the notion of 
stutter-equivalence we define stutter-invariance for w-languages. An w-Language L over 
an Alphabet A is said to be stutter-invariant iff for each pair u, v of stutter-equivalent 
words we have u e L ++ v € L 

For the proof of the above theorem, we need a theorem from |19] which reads as 
follows. 

Theorem 8.2. A TLA-definable u-language L £ A w is U -expressible if and only if L is 
stutter- invariant. 

Proof of Theorem 18. 11 (A) implies (B)(b): Let L(A) be U-expressible. By Theorem 18.21 
L(A) is stutter- invariant. Assume T(A/=a) has a subgraph of type (T3). Then there 
exist u e A* ,p e p and q £ q with u-pel<frv-pel. Since A is trim, there exists 
v e A u with v • oo = q. So we have uav e L(A) *f* uaav e L(A) which means L(A) is not 
stutter-invariant — a contradiction. 

(A) implies (B)(c) by contraposition: Assume there are u, v e A* , a € A with uav) 
uaav). then there exists w e A* with w ■ uav) e I w ■ uaav) e /. Hence w{uav) u e 
L(A) *f* w(uaav) u e L(A) and so L(A) is not stutter-invariant. 

To prove the implication from (B) to (A) we have to show that L( A) is TL^-definable 
and stutter-invariant. Then we can apply Theorem 18.21 and the proof is complete. 

First we show, that L(A) is stutter- invariant. Let w e L(A) with the unique final 
run r and f the factorization of r as seen above. Let i e N with r(i) € inf(r) and 
u = w[0,i) and v = w[i, *). Then r(i) = v ■ oo. Since the loop languages are stutter- 
invariant and r(i) e inf(r), for every v' e A*, a e A and v" e A^ with v'av" = v there 
exists r'(i) £ Q with r'(i) =a r(i) and r'(i) = v'aav" ■ oo which means uv'aav" e L(A). 
Since r{i) e inf (r) this argument can be applied infinitely often at once. The absence of 
(T3) means that for every x e A* and every a e A the equivalence ax ■ r(i) =a aax ■ r(i) 



(in the above sense): 




(T3) 



<?'=A<3 



is stutter-invariant. 
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holds. If u 4- e let u' e A*, a e A and u" e ^4* with u'au" = u. Then u'aau" ■ r(i) e I and 
u'aau"v e L(A). So L(A) is stutter-invariant. □ 

9. Effectiveness and Computational Complexity 

To conclude, we explain how Theorem 13.21 can be used effectively. In general, we have: 

Theorem 9.1. Each of the fragments listed in Table{l\is decidable. 

Observe that for the fragment with operator set {F,U}, this is a result from |20j . 
and for the fragment with operator set {X, F}, this is a result from [3D]. 

Proof of Theorem 19.11 First, observe that A v can be constructed effectively. Also, it is 
easy to derive the left quotient of A v from A v itself and DFA's for the loop languages, 
even minimum-state DFA's for them, simply by using any of the available minimization 
procedures, for instance, the one described in [15] . 

Second, observe that the presence of the listed forbidden patterns can be checked 
effectively. The reason is as follows. The test for the existence of a path between two 
states can be restricted to paths of length at most the number of states. The test for 
the existence of two loops with the same label but distinct starting states (see forbidden 
patterns for {X} and {X, F}) in some semi automaton A = (A, Q, 5) amounts to searching 
for a loop in the semi automaton {A, Q x Q \ {(q,q) \ q e Q}, 5') with transition function 
defined by 5'((q,q'),a) = (5(q,a),5(q' ,a)). In other words, this amounts to a search 
in the original automaton restricted to paths of length at most the number of states 
squared. 

Third, the conditions on the loop languages can be checked effectively. For 1-local 
testability, this is because a language L c A* is not 1-locally testable if, and only if, one 
of the following conditions holds: 

(1) There are words u,v £ A* and there is a letter a e A such that uav € L *f> uaav e 

L. 

(2) There are words u € A* , v e A* and letters a, b e A such that uabv e L *f> ubav e L. 
Again, u and v can be bounded in length by the number of states. For local testability, 
we refer to [16], where it was shown this can be decided in polynomial time. For stutter 
invariance, remember that a language L c A* is not stutter-invariant if, and only if, the 
first from the above conditions holds. So this can be checked effectively, too. (One could 
also use the forbidden pattern listed.) □ 

As to the computational complexity of the problems considered, we first note: 

Proposition 9.2. Each of the fragments listed in Table{l\is PSPACE-hard. 

Proof. The proof is an adaptation of a proof for a slightly weaker result given in [20J . 

First, recall that LTL satisfiability is PSPACE-hard for some fixed alphabet [26] . 
hence LTL unsatisfiability for this alphabet is PSPACE-hard, too. Let A denote such 
an alphabet in the following. 

Second, let c, d, and e be three distinct symbols not in A, let C = {c, d, e}, and let 
F = A u B. For every TL^-formula <p, set 

a v = c a Xc a X(CUGA) a F(d a X(cUd)) aCU(t!a^ , 
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where A stands for VaeA a an d C for cvrfve. 

The formula a v is chosen in such a way that for every u e F u the following are 
equivalent: 

• u N atp, 

• u can be written as vw with v e A + and u; e F w and such that v 1= c A Xc, 
v 1= F(dAX(cUei)), and w\=(p. 

From [19 1 and [10]. it follows that the set of finite words satisfying caXc and F(dAX(cU<i)) 
is not expressible in any of the fragments considered. So if ip is satisfiable, then a v is 
not expressible in any of the fragments. But if ip is not satisfiable, then so is a v , which 
means a v is expressible in any of the fragments considered. In other words, ip >-> is 
an appropriate reduction to prove the claim of the proposition. □ 

Our upper bounds are as follows: 

Theorem 9.3. The {X, F} -fragment is in E (exponential time), the other fragments 
listed in Tabled are in PSPACE. 

Observe that the result for the {U}-fragment is not new, but was already obtained 
in [2D]. 

Proof. The proof is a refinement of the proof of Theorem 19.11 

Observe that each property expressed as forbidden pattern (as used in our charac- 
terizations) can not only be checked in polynomial time (which is folklore), it can also 
be checked non-deterministically in logarithmic space, simply by guessing the paths in 
questions, even if we are given a GCMA and need to check it on its left quotient. So if 
we interweave the construction of A„, which has an exponential number of states, with 
the non-deterministic logarithmic-space tests for the existence of forbidden patterns, we 
obtain a polynomial-space procedure for testing the conditions on T(A lfi /=A lfi )- (This is 
a standard argument in computational complexity.) 

The situation is more complicated for the conditions on the loop languages. First 
observe that from the automaton A v we can get reverse DFA's of size polynomial in the 
size of A v such that every loop language is the union of the languages recognized by 
these reverse DFA's, which allows us to analyze the loop languages effectively. 

We first deal with 1-local testability and stutter invariance and start with the ob- 
servation that 1. and 2. from the proof of Theorem 19. II can be adapted as follows. There 
are two states p and q in A v that are not equivalent with respect to =a and such that 
one of the following conditions is true: 

(1) There are words u,v e A* and there is a letter a e A such that uav e LL(p) and 
uaav e LL(<7). 

(2) There are words u,v e A* and letters a,b e A such that uabv e LL(p) and 
ubav e LL(c/). 

From this, it follows that we can bound the length of u and v polynomially in the size 
of A v , which again yields polynomial-space procedures for both, 1-local testability and 
stutter invariance. 

For (general) local testability, we apply the polynomial-time decision procedure for 
local testability developed in [16] to the product of the reverse DFA's mentioned above, 
which yields an exponential-time algorithm altogether. □ 
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We conclude this section with a more general version of Theorem 19.11 

Corollary 9.4. For each of the fragments listed in Table [7J the following is decidable. 
Given an uo-regular language L, is L definable in the fragment? 

Proof. Given L we can construct effectively a Biichi automaton A which recognizes L, 
see |28| for example. In [7J the decidability of the LTL-definability of L( A) = L is shown. 
Theorem IO yields a GCMA B with L(B) = L(A). Theorem IQ completes the proof. □ 

10. Open problems 

We would like to state some questions: 

(1) Our lower and upper bounds for the complexity of the {X, F}-fragment don't 
match. What is the exact complexity of this fragment? 

(2) Clearly, from our proofs it can be deduced that if a formula <p is equivalent to 
a formula in a fragment, an equivalent formula can be constructed effectively. What is 
the complexity of this construction task? 

(3) It is not difficult to come up with examples where every equivalent formula 
has exponential size (even exponential circuit size). What is the worst-case blow-up? — 
Observe that, in terms of circuit size, there is a polynomial upper bound for the {U}- 
fragment, see [17] . 
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